Where do I find People to Address and Address to People Finder websites? A list of People information and Property information websites is below:
123people.com (Alexa rank=9275)(results not very accurate, not displayed on website)
411.com (Alexa rank=9,243)
accurint.com (requires subscription, no ID info published)
AccuTellus.com
Acxiom.com (search facilities not obviously provided on website)
AddressSearch.com (not very accurate)
Ameridex.com (no direct search facilities)
Ancestry.com (takes a deal of work to obtain info, requires cash outlay for details)
Archives.com (no ID'ing info displayed after search, subscription required)
Aristotle.com (no free search facilities provided, subscription required for access)
Ark.com (currently invite only) (searches people via social media profiles; does not provide a way to prevent being searched or an opt-out method at the time of review (11/24/2012); account requires an invite request and receipt of invite approval before being given authority to search)
anywho.com (phone book type entries displayed, no age or address provided, uses YP.com search results)
BackgroundReport360.com (search facilities on home page, results not accurate)
beenverified.com (search facilities on home page, accurate results displaying age, cities previously lived, relative full names)
birthdatabase.com (provides EXACT birth date (month/day/year), incredible; based on some preliminary research, the source of exact birth date appears to be linkedin and/or dating sites like match)
DirtyPhoneBook.com (not very accurate)
dobsearch.com (provides age via search facility but not exact birth date (mm/dd/yyyy))
dogpile.com (people search using the WhitePages tab on the search window and it publicly displays ID info from Intelius and USSearch)
Email Finder (provides search facilities on home page with ID'ing info (age, locations lived, relatives, etc.) free of charge)
Facebook friend finder (friend finder, displays brief summary of Facebook page via search facility; log in not required; FB not really a people data finder site; results only about FB pages)
facesaerch.com (displays pictures based on name or terms searched)
findanyone.com (Alexa rank=1,414.955)
FindPeople onPlus (website used to find people on Google+, only displays people on the Google+ network)
FreePhoneTracer (partially accurate results, accurate results require cash outlay)
freshaddress.com (e-mail address search, Alexa rank=526,123)
Google search (search your name via common Google search using your full name, city and state and see what shows up)
inforegistry.com (Alexa rank=575,515)
infospace.com (provides search function for people finder websites, this company is now known as BluCora)
InstantCheckMate (Alexa rank=3164) (ID'ing info (name, age, one full address and partial phone number) displayed if a record is found via search facilities provided on home page after agreeing to warning pop-up window)
instantpeoplefinder.com
intelius.com (Alexa rank=3513) (provides name, location and reverse phone # search facilities on website; accurate ID info provided publicly includes age, relatives' names, previous cities lived; other information provided for a charge)
jigsaw.com (redirected to Salesforce data.com Contacts by Jigsaw)(Rank=4,575)
kgbpeople.com
knowx.com (no ID info publicly displayed; for a fee provides info about business background such as bankruptcies, lawsuits, liens, judgements, etc.; Lexis site)
lexisnexis.com (Alexa rank=8,099)(need a subscription to access information, no personal information published on website, link provided to perform people search: Lexis people search resource page)
LinkedIn (this site does not display people's ages on site)(Alexa rank=12)
locateplus.com (ID info available via subscription, no ID info available via search facilities directly on website)
LookUp (provides accurate ID'ing info on site via search facilities available on home page; ID'ing info includes accurate age, relatives, previous cities as well as almost full e-mail address that you can easily figure out; now I know why I am being spammed so much on that e-mail address)
LookupAnyone (provides accurate ID'ing info (age, previous cities, relatives, no e-mail) on site free of charge via search facilities on home page)
LookupExpert (provides limited but accurate ID'ing info (age, one location) via search facilities on home page)
merlindata.com (requires subscription, no ID info published on website, no search facilities provided on website directly, can provide full SSN via subscription service, popular with private investigators)
my.email.address.is (Alexa rank=520,955)(e-mail address search only)
my Free E-mail Search (Alexa Rank=643,543)
MyLife (Alexa rank=2168)(Facebook login or account creation required prior to provision of search facilities, no ID'ing information available without login)
MySpace people finder
NumberGuru (reverse phone number lookup via search facilities on home page, accurate but non-ID'ing info displayed (carrier (Sprint) & location))
Peeepl (search facilities from home page result in general list of names but no ID'ing info; link to Spokeo provided)
peekyou.com (Alexa rank=4,435)
person.langenberg.com
peopledata.com
peoplefinders.com (4,454)
peoplelookup.com
peoplesearching.com (Alexa rank=586,910)
Peoplesearchnow.com (accurate ID'ing info (name, age, previous cities) displayed free of charge on website using search facilities available on home page)
peoplesmart.com (Alexa rank=3257)(ID info provided on website (age, relatives, previous cities lived with partial address for all listings) free of charge via easily accessed search facilities)
phonesbook.com
PhoneDetective (partial info displayed free of charge via search facilities on home page, full info provided for fee)
pipl.com (Alexa rank=4084)(provides ID info via search facilities; multiple results from several people search providers are listed; exact age, address, relatives and previous cities lived provided free of charge)
plaxo.com (Alexa rank=7,314)
privateeye.com
PublicBackgroundChecks (displays accurate ID'ing info (name, age, cities lived, relatives) via search facilities on home page)
PublicRecords (displays accurate ID'ing info (name, age, cities lived, relatives) free of charge via search facilities on home page)
PublicRecordsNow (displays accurate ID'ing info (name, age, cities lived, relatives) free of charge via search facilities on home page)
radaris.com (not very accurate people search)
rapleaf.com (provides e-mail search functions; search facilities not available from home page; account creation (free) required prior to initiating searches)
reversenumberdatabase.com (provides phone number information via search facilities on home page; provides current comments on phone numbers below search facility)
reunion.com (Alexa rank=62,300, now part of MyLife.com)
searchbug.com (not very accurate which is good for private people)
skipease.com (uses peoplesmart.com search function for people, provides search facilities for multiple people finder websites)
spock.com (forwards to Zabasearch)
spoke.com
Spokeo.com (Alexa rank=1913) (provides ID info publicly via search facilities; age is estimated)
Squidoo person finder (list of people finder sites)
tlo.com (professional) (requires subscription, no ID info published on website, no web search facility provided, provides investigative facilities for public and private-proprietary records)
TopPeopleFinder (displays accurate ID'ing info (name, age, cities lived, relatives) free of charge via search facilities on home page; ad video plays automatically if you leave results on page for a few minutes)
usa-people-search.com (this one's opt-out policy (remove my info) is the worst type. They require you to send them a paper (yes, PAPER!) letter with a stamp to request to remove your information. Is that legal?) (Alexa Rank=50,208)
USIdentify (displays free of charge name, age and known locations (city, st) via home page search facilities)
USsearch.com (does not reveal age)
Verify.com (search facilities provided on home page, partially accurate (only age accurate) ID'ing information displayed free of charge)
veromi.net (provides ID'ing info (your name, age and known locations) as well as the age of your possible relatives via search facilities from home page)
Waatp (provides US map of name of person searched, click map for detail, does not provide exact age but map of your living location is exact)
webmii.com
WestLaw People Finder (no ID info displayed without paying fee)
whowhere.com
whitepages.com (ADDRESS to People info. Can put in address of location and get information about people living or associated with that location. WHAT!?) (Alexa rank=785)
wink.com (Alexa rank=46,829)
xing.com (mostly in Europe)(Alexa rank=263)
Yahoo people search
yasni.com (Alexa rank=4,050)
yoname.com (Alexa rank=738.054, very little detail is revealed in the initial results, just name)
zabasearch.com (Alexa rank=26,185)
zoominfo.com (Alexa rank=4,283, mostly business profile information)
Search the usenet database (old method)
The above list excludes foreign websites (which could number in the thousands or more). I did not wish to test these for concern I would be attacked by an epic array of viruses. Just be aware your information (SSN, credit card #s, bank account numbers, etc.) is likely available on these websites as well as those above.
People finder websites claim they obtain information from publicly accessible resources. To prevent your information from being displayed, you need to follow the non-publish/opt-out procedures for each website or use services that will do it for you for a fee. The non-publish or opt-out procedures often force you to send exact information (such as the month, day and year of your birth, or a photocopy or scan of your driver's license) that the people finder websites may only have in fractional format. So the process of opting out provides even more information to these companies, or verifies as accurate and true information they may not have been able to confirm prior to your opt-out request. That increases its value: they can sell verified information to other affiliated and non-affiliated companies at a higher price than non-verified information.
Also, and unfortunately, this removal process is not a one-time event on your part, as the people info publishing websites can easily apply their existing technology to a shiny new website name and/or phone app and again start publishing your information. You or a company you hire will have to contact this "new" company to remove your information. As you can easily figure out, this process (new website/app launched, your info published, you request to stop, they stop, transfer your info to a new company and start again) can keep going and going for a long time.
The list above is not complete and is only accurate as of Nov. 2012. These websites may be helpful in performing background checks on individuals (such as a potential date or spouse, contractor, etc.). Famous people have a tough (almost impossible) challenge concealing their information from being publicly displayed, as even sites such as Wikipedia and some search engines clearly publish their birth dates (m/d/y), spouse, children, locations lived, net worth and other information commonly available on people finder websites.
NOTE: Spokeo.com was fined $800,000 in June 2012 by the Federal Trade Commission (FTC) for violation of the Fair Credit Reporting Act (FCRA). Spokeo was fined for collecting details about people and selling them (to supposed potential employers) without protecting individual privacy.
INFOJET.org has no affiliations (direct or indirect) with any people finder websites listed above.
Info removal sites (partial list):
Reputation.com (fee charged to remove info from people finder sites, expensive) (Infojet has no affiliation with Reputation.com)
This document is an overview of the keys that allow you to display a list of startup devices and/or boot to a system BIOS/UEFI (as of March 17, 2018).
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Acer | Aspire One zg5, zg8, Aspire Timeline | F12 | F2 |
Acer | Aspire v3, v5, v7 | F12 ("F12 Boot Menu" must be enabled in BIOS) | F2 |
Acer | | Esc, F2, F12 | Del, F2 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Apple | Post-2006 models | Option |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Asus | Desktops | F8 | F9 |
Asus | VivoBook f200ca, f202e, q200e, s200e, s400ca, s500ca, u38n, v500ca, v550ca, v551, x200ca, x202e, x550ca, z202e | Esc | Delete |
Asus | N550JV, N750JV, N550LF, Rog g750jh, Rog g750jw, Rog g750jx Zenbook Infinity ux301, Infinity ux301la, Prime ux31a, Prime ux32vd, R509C, Taichi 21, Touch u500vz, Transformer Book TX300 | Esc (Disable "Fast Boot" and "Secure Boot Control") | F2 |
Asus | k25f, k35e, k34u, k35u, k43u, k46cb, k52f, k53e, k55a, k60ij, k70ab, k72f, k73e, k73s, k84l, k93sm, k93sv, k95vb, k501, k601, R503C, x32a, x35u, x54c, x61g, x64c, x64v, x75a, x83v, x83vb, x90, x93sv, x95gl, x101ch, x102ba, x200ca, x202e, x301a, x401a, x401u, x501a, x502c, x750ja | F8 | Delete |
Asus | Eee PC 1015, 1025c | Esc | F2 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Compaq | Presario | Esc, F9 | F10 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Dell | | F12 (Select "USB Flash Drive") | F2 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
eMachines | | F12 | Tab, Delete |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Fujitsu | | F12 | F2 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
HP | | Esc, F9 | Esc, F10, F1 |
HP | Pavilion Media Center a1477c | Esc | F10 |
HP | Pavilion 23 All In One | Esc (Select boot media from the menu) | F10 |
HP | Pavilion Elite e9000, e9120y, e9150t, e9220y, e9280t | Esc, F9 | F10 |
HP | Pavilion g4, g6 and g7, Probook 4520s, 4525s, 4540s, 4545s, 5220m, 5310m, 5330m, 5660b, 5670b | Esc | F10 |
HP | Pavilion HPE PC, h8-1287c, Pavilion PC, p6 2317c, Pavilion PC, p7 1297cb, TouchSmart 520 PC, ENVY x2, m4, m4-1015dx, m4-1115dx, sleekbook m6, m6-1105dx, m6-1205dx, m6-k015dx, m6-k025dx, touchsmart m7, Envy, dv6 and dv7 PC, dv9700, Spectre 14, Spectre 13, 2000 - 2a20nr, 2a53ca, 2b16nr, 2b89wm, 2c29wm, 2d29wm | Esc (Then f9 for "Boot Menu") | Esc |
HP | 2000 | Esc (Then F9 for "Boot Menu". Select "Patriot Memory" on the Boot Option Menu) | Esc |
HP | Pavilion a410n | Esc | F1 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Intel | F10 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Lenovo | Desktops | F12, F8, F10 | F1, F2 |
Lenovo | Laptops | F12 | F1, F2 |
Lenovo | ThinkPad edge, e431, e531, e545, helix, l440, l540, s431, t440s, t540p, twist, w510, w520, w530, w540, x140, x220, x230, x240, X1 carbon | F12 | F1 |
Lenovo | IdeaPad s300, u110, u310 Touch, u410, u510, y500, y510, yoga 11, yoga 13, z500 | Novo Button (Next to power button), F12 | Novo Button |
Lenovo | IdeaPad P500 | F12 or Fn + F11 | F2 |
Lenovo | IdeaPad S10-3, g460, g470, g475, g480, g485 | F12 | F2 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Microsoft | Surface Pro 1-3 | Volume-Down Button | |
Microsoft | Surface Pro 4 & Book | Volume-Up Button |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
NEC | | F5 | F2 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Samsung | | F12, Esc | F2, F10 |
Samsung | NC10, np300e5c, np300e5e, np350v5c, np355v5c, np365e5c, np550p5c | Esc | F2 |
Samsung | Series 5 Ultra, Series 7 Chronos, Series 9 Ultrabook | Esc (Must disable "Fast Boot" in BIOS) | F2 |
Samsung | Ativ Book 2, 8, 9 | F2 (Must disable "Fast Boot" in BIOS) | F10 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Sharp | F2 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Sony | VAIO Duo, Pro, Flip, Tap, Fit | Assist Button (Use the Assist Button when the computer is off, not when it is booting) | Assist Button (Use the Assist Button when the computer is off, not when it is booting) |
Sony | VAIO, PCG, VGN | F11 | F1, F2, F3 |
Sony | VGN | Esc, F10 | F2 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
Toshiba | Kira, Kirabook 13, Ultrabook, Qosmio g30, g35, g40, g50, Qosmio x70, x75, x500, x505, x870, x875, x880 | F12 | F2 |
Toshiba | Protege, Satellite, Tecra | F12 | F1, Esc |
Toshiba | Equium | F12 | F12 |
Manufacturer | Models | Boot Menu Key | Bios Key |
---|---|---|---|
ASUS | | F8 | DEL |
Gigabyte | | F12 | DEL |
MSI | | F11 | DEL |
Intel | | F10 | F2 |
Asrock | | F11 | F2 |
EVGA | | F7 | DEL |
Cybersecurity Preparation/Planning, Detection, Response, Recovery, Public Affairs and Legal Discussion Questions
Cyber Preparedness and Planning
1. Has your organization conducted a cyber risk assessment to identify organization specific threats and vulnerabilities?
a. What are your most significant threats (bad things from the outside like ransomware) and vulnerabilities (running obsolete/end of life software and hardware)?
b. What are your highest cyber security risks?
2. How does your organization integrate cybersecurity into the system development life cycle (i.e., design, procurement, installation, operation, and disposal)?
3. Discuss your supply chain concerns related to cybersecurity.
4. How do you communicate your cybersecurity concerns to your vendors and how do you evaluate their cybersecurity performance?
5. What role does organizational leadership play in cybersecurity? Does this role differ during steady-state and incident response?
6. What level of funding and/or resources are devoted to cyber preparedness?
Based on your risk assessment, what is the range of potential losses from a cyber incident?
7. Discuss cyber preparedness integration with your current all-hazards preparedness efforts.
Who are your cyber preparedness stakeholders (public, private, non-profit, other)?
8. What mission essential functions depend on information technology and what are the cascading effects of their disruption?
Have you had any external review or audit of your IT plans, policies, or procedures within the last year?
Are background checks conducted for IT, security and key supporting personnel?
Is there a manager/department in charge of cybersecurity management?
If yes, is this the primary function of that manager?
How does your organization recruit, develop, and retain cybersecurity staff?
How well-defined is cybersecurity in relation to contracts with third-party support vendors and crucial suppliers?
a. How often are contracts reviewed?
b. How well do your service level agreements address incident response?
Discuss the status of cyber preparedness planning within your organization.
a. Have you completed a business impact analysis?
Does the analysis include information technology (IT) infrastructure supporting mission essential functions identified in continuity of operations and continuity of government plans?
b. Is cybersecurity integrated in your business continuity plans?
Does your business continuity and/or disaster recovery planning have a prioritized list of information technology infrastructure for restoration?
c. How have IT specific plans been coordinated with other planning efforts such as an Emergency Operations Plan or Continuity of Operations Plan?
How is cybersecurity integrated into both organizational and project risk assessments and management?
Does your organization employ a formal sanctions process for personnel failing to comply with established information security policies and procedures?
If so, has this been communicated to employees?
Does your organization have a cybersecurity incident response plan?
When was it issued? When was the incident response plan last revised?
What authorities require which departments or agencies to follow the plan?
Does your organization utilize multi-factor authentication?
Does your IT department have a patch management plan in place?
If so, are risk assessments performed on all servers on the network?
Are processes in place to proactively evaluate each server’s criticality and applicability to software patches?
Does this plan include a risk management strategy that addresses the following considerations?
The risks of not patching reported vulnerabilities?
Extended downtime?
Impaired functionality?
The loss of data?
Do you have a method for tracking and/or identifying problematic pieces of firmware in your organization, should a vulnerability be identified?
What processes does your organization have in place for when an employee is terminated or resigns?
a. Are there any additional processes that are implemented if the employee’s termination is contentious?
b. Does your organization retrieve all information system-related property (e.g., authentication key, system administration's handbook/manual, keys, identification cards, etc.) during the employment termination process?
Do any third-party vendors have unmitigated access into your network?
a. What protections do you have in place to protect against malicious intent by those vendors or outside parties that have access to your network?
What are your identified responsibilities for, and capabilities to, prevent cyber incidents?
Who is responsible for network and information security management?
Can you identify key documents that support cyber preparedness at a federal, state, or local level?
Does your organization follow a cybersecurity standard of practice (NIST Cybersecurity Framework/800 Series, ISO/IEC, etc.)?
If so, which?
Are there flowcharts showing the high-level relationships and crisis lines of communication (i.e., who calls who) specifically for a cyber incident?
Are they part of the response or continuity planning documents?
Does your organization have a formal or informal policy or procedures pertaining to IT account management?
a. Do these policies or procedures include protocols for establishing, activating, modifying, disabling, and removing accounts?
b. Do these policies or procedures include protocols/steps for notifying IT account managers/administrators when users are terminated?
Are IT and business continuity functions coordinated with physical security?
Are all three then collaborating with public relations, human resources, and legal departments?
Do you have processes to ensure that your external dependencies (contractors, power, water, etc.) are integrated into your security and continuity planning and programs?
Describe the decision-making process for protective actions in a cyber incident.
What options are available?
Have these options been documented in plans?
How are they activated?
What immediate protective and mitigation actions would be taken at your organization in this scenario?
Who is responsible for those actions?
What protective actions would you take across non-impacted systems or agencies in the scenario presented?
Who is responsible for protective action decision-making?
How are actions coordinated across parts of the organization?
Compare and contrast physical and cyber incident notifications and protective action decision-making.
What systems or processes are the most critical to running elections?
a. Is this decision codified in an incident response plan?
b. What processes are in place to run elections in the event computer systems are compromised (what backup systems do we have to maintain operations?)?
How do you protect the integrity of your voter registration database?
a. What entities have access to the database?
b. How would those entities report a breach of their systems to your office?
How do you protect the integrity of your voting equipment?
a. What entities have access to your voting equipment?
b. What entity is responsible for securing the voting equipment?
c. Does your organization maintain contact information with all relevant parties in case of an incident?
What is your planned cyber incident management structure?
a. Who (by department and position) leads incident management and why?
b. How are they notified?
c. When did they last exercise their role?
d. What is the length of your operational period (i.e., your “battle rhythm”)?
e. What are the primary and contingency communication mechanisms necessary to support incident management?
Information Sharing
Would your organization receive the information presented in the scenario?
a. Through what channels would this information be received and disseminated?
b. Are there established mechanisms to facilitate rapid information dissemination?
c. Are there known communication gaps?
If so, who in your organization is responsible for addressing those gaps?
d. What actions, if any, would your organization take based on this information?
What sources of cybersecurity threat intelligence does your organization receive?
For example, information from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), open source reporting, security service providers, others?
a. What cyber threat information is most useful?
b. Is the information you receive timely and actionable?
c. Who is responsible for collating information across the organization?
What mechanisms and products are used to share cyber threat information within your organization and external to your organization (e.g., distribution lists, information sharing portals)?
Describe how variables in threat information (timeframe, credibility, and specificity) impact decision-making.
How do local government entities report information to state partners?
What information, if any, would be shared between the local government IT offices, local election officials, and state officials?
a. How would this information be shared and is this process documented and/or formalized?
How is information shared among your internal and external stakeholders?
Through formal or informal relationships?
What information sharing mechanisms are in place?
What are some challenges that are experienced by information technology and business continuity planning in terms of information sharing?
Is information flowing in both directions?
Incident Identification
How do employees report suspected phishing attempts?
a. What actions does your department take when suspicious emails are reported?
b. Are there formal policies or plans that would be followed?
c. Does your department conduct phishing self-assessments?
Would any of these issues mentioned in the scenario be considered a cyber incident at this point?
What process does the general workforce follow to report suspected cyber incidents?
Is this a formal process on which they have been trained?
What would cause you or someone in your organization to report a cybersecurity incident?
a. How are incidents reported?
b. What would trigger the reporting requirements established by State law and policy?
c. Are cyber incident procedures documented in an incident response plan?
d. Who has the authority to create and enforce cybersecurity policies in your organization?
e. Are employees familiar with and have they received training on the plan?
Have you defined cybersecurity incident escalation criteria, notifications, activations, and/or courses of action?
a. If so, what actions would be taken at this point? By whom?
b. Would leadership be notified?
How does your organization baseline network activity?
How would you be able to distinguish between normal and abnormal traffic?
Does the organization report cybersecurity incidents to outside organizations?
If so, to whom?
What, if any, mandatory reporting requirements do you have?
Do detection and analysis procedures differ for loss of personally identifiable information (PII), phishing attempts, data exfiltration, data modification, or other incidents?
Who is responsible for correlating information across different organizational-level incidents?
Discuss your organization’s intrusion detection capabilities and analytics that alert you to a cyber incident.
What type of hardware and/or software does your organization use to detect/prevent malicious activity of unknown origin on your systems/network?
What is your organization’s primary concern at this time?
What inject, if any, would prompt you or someone in your organization to report a cybersecurity incident?
a. How would reports flow between different levels of government (e.g., local reporting to state, or state to federal)?
Do you have someone within your organization who monitors the Dark Web?
If so, how would you verify the security researcher’s claims and confirm authenticity of the sensitive information in question?
Incident Response
What level of leadership/management would be notified at this point in the scenario?
Is there a plan in place detailing the thresholds at which different notifications are made and what information is provided?
What is your department or agency’s primary concern?
Mitigation of the incident (resolving the issue) or investigation (preserving the evidence to build a criminal case)?
Who would make this decision?
Are these mutually exclusive?
What response actions would your organization have taken at this point?
Are these actions driven by a plan?
What impact will the sale of sensitive or Personally Identifiable Information (PII) have on your response and recovery activities?
a. Will it alter priorities?
Have your public relations priorities changed?
b. Will it trigger any additional legal or regulatory notifications?
Whom will you notify, internally and externally, of these incidents?
a. Is there a process or plan in place that outlines the severity thresholds for which different notifications are made and what information is to be conveyed?
b. Are you keeping senior leadership updated?
What information is provided and how is it communicated?
c. Would you make any notification to the public?
i. If so, how are you coordinating your messaging within your organization?
ii. Do you have pre-canned messaging or holding statements for such an event?
d. How are you ensuring unity of message between your organization, the public sector, and elected officials?
How would these events affect your organization’s business operation/processes?
Do these incidents generate any concerns that have not been addressed?
How would your organization respond to the discovery of a malicious, unauthorized administrator account on your systems?
Who would be informed internally?
Who would be informed externally (e.g., law enforcement, cybersecurity insurance partners, etc.)?
What resources are required for incident investigation and attribution?
Are sufficient resources available in-house?
Would the events presented in the scenario trigger activation of your cyber incident response plan or similar document (e.g., emergency operations plan cyber incident annex)?
If so, would that alter any roles and responsibilities?
At what point in the scenario would you contact law enforcement and/or the state Attorney General?
a. How would relationships with law enforcement and other partners be managed?
Where is the process documented?
b. How does a law enforcement investigation impact containment, eradication, and recovery efforts?
c. Are processes and resources in place for evidence preservation and collection?
Discuss the difference between network and host forensics.
How are you equipped and staffed to address this?
Do you have a network operations center?
Security operations center?
What are their roles during a response?
What are your essential elements of information and key information questions necessary for operational and executive-level responses to cyber incidents?
What mission essential functions are impacted by the incidents described in the scenario?
Is there a way to maintain service availability of key assets (e.g., network connectivity, etc.) (maintain operations in all conditions)?
What capabilities and resources are required for responding to this series of incidents?
a. What internal resources do you depend on?
Are your current resources sufficient?
b. Whom do you contact if you’re in need of additional third-party assistance?
c. What resources are available within the state or locally?
How do you request these resources?
d. Do you have personnel tasked with incident response or a designated cyber incident response team within your organization?
i. If so, what threshold must be reached for the cyber incident response personnel to be activated?
Does this scenario reach that threshold?
ii. Who is responsible for activating the cyber incident response personnel and under what circumstances?
iii. What are the cyber incident response team/personnel’s roles and responsibilities?
Does this scenario exceed your organization’s ability to respond?
a. If so, are there established procedures to request additional support?
What are your organization’s response priorities?
a. Who would be notified at this point in the scenario?
Is there a plan in place detailing the thresholds at which different notifications are made and what information is provided?
b. What response actions would the IT/IS department take at this point?
Are these actions driven by a plan?
c. What response capabilities and resources are required to respond to these incidents?
What actions would be taken when the exfiltration is discovered?
Does your organization have written plans that would be implemented?
What is the decision process to determine if the ransom should be paid or not?
a. Who decides?
b. What’s the process?
c. What are the advantages/disadvantages?
d. What are the political ramifications?
e. What outside partners/entities do you need to contact?
Where do you receive cyber response technical assistance?
Do you have plans, procedures or policies in place to access this assistance?
Have you proactively identified and established the service provider relationships needed for incident/breach response issues (e.g., credit counseling, forensic/computer security services)?
What processes are used to contact critical personnel at any time, day or night?
a. How do you proceed if critical personnel are unreachable or unavailable?
If your pollbook or other critical election information system were disabled, how would you continue elections operations?
a. What, if any, additional resources would you need to conduct elections if your elections information was unrecoverable?
b. Do you have mechanisms in place (e.g., MOU/MOA, contract, etc.) for arranging additional surge support of both personnel and resources on Election Day, should it be needed?
How would your organization respond to misprinted ballots?
How would a breach of another agency affect your entity if they potentially have access to your information?
a. Is the agency required to notify your entity of their breach or suspected breach?
If so, what are the notice requirements (ProConnect tax online data breach)?
Given the events of election day voting, what is your greatest priority?
If the networks were found to be infected with ransomware, how would this impact the certification of election results?
a. If election results from your entity cannot be certified, how would you proceed?
How would voters locate their polling location if the locator were vandalized or disabled?
How would you determine whether unauthorized manipulation of election data has occurred?
a. How would you address the absence or alteration of voter data in the pollbooks?
b. How would you reconcile a greater number of voters versus available registered voters?
How would you respond to the allegations that the election data results were damaged or destroyed?
a. What partners would you involve in the response?
b. Have you drafted messaging in advance of an incident?
If primary communications are compromised, how do you provide information to internal and external entities?
What actions, if any, would you take based on the ballot addresses being incomplete or ballots being mailed to voters who have moved?
How would you handle the misprinted ballots?
How are voters able to vote in the event the voter registration database is compromised?
In the event of complete failure of your entity’s general network or election network, what systems would you need to successfully run an election (backup system to maintain operations)?
How would you respond to the attempts to discredit the elections process on social media?
Recovery
When does your organization determine a cyber incident is closed?
a. Who makes this decision?
b. Would your organization engage in any post-incident activities?
What actions would your organization take if your IT/incident response staff could not confirm the integrity of your systems/data?
a. Would senior leaders consider re-activating critical business processes and systems?
What is the risk associated with doing so?
b. Would your organization consider a complete rebuild of these systems?
How long and costly would that process be?
c. What factors do you consider when making these decisions?
What formal policies and procedures does your organization use to decide when and how to restore backed-up data, including measures for ensuring the integrity of backed-up data before restoration?
Does your organization have back-ups of vital records (e.g., the voter registration database, etc.) in a location that is separated from your primary working copies of your files?
a. How frequently do you run backups?
b. How long do you keep any copies of archived files backed up?
c. How long of a downtime would exist between your primary files and the restoration of files via your back-up?
Are redundant systems in place if the impacted system(s) is compromised?
a. Are alternative systems or manual processes in place to continue operations if a critical system is unavailable for a significant period of time?
b. Who can authorize use of alternate systems or procedures?
What backup systems are utilized by participants?
a. How quickly can they be deployed?
b. How often are backups created or destroyed?
Describe your role in post-incident activity.
How would you work with critical infrastructure providers to determine the incident is over?
How does post-incident activity differ when critical infrastructure is involved?
Does your organization have a continuity of operations plan (COOP) for conducting its functions at a location other than your main building?
a. If so, how would a suspected cyber incursion impact your organization’s ability to activate its COOP Plan?
Are there further concerns that have not been discussed?
Training and Exercises
1. Does your organization provide basic cybersecurity and/or IT security awareness training to all users (including managers and senior executives)?
a. How often is training provided?
b. Does it cover:
i. Review of department and/or agency acceptable use and IT policies,
ii. Prominent cyber threat awareness,
iii. Password procedures, and
iv. Whom to contact and how to report suspicious activities?
c. Is training required to obtain network access?
d. What security-related training does your department or agency provide to, or contractually require of, IT personnel and vendors with access to your city’s or county’s information systems?
How often do they receive the training?
2. Do you regularly train elections personnel, including volunteers, on cybersecurity threats such as phishing?
a. Does your organization provide basic cybersecurity and/or IT security awareness training to all users (including managers, senior executives, and vendors)?
b. How often is training provided?
c. What topics are covered in the training sessions?
3. Do your cybersecurity incident response team members undergo any special training to detect, analyze, and report this activity?
If so, can you describe this training?
a. Is your staff sufficiently trained to read and analyze your intrusion detection system logs?
4. What training do you provide in support of your Cybersecurity Incident Response Plan, Business Continuity Plan, Emergency Operations Plan Cyber Incident Plan, or other related plans?
a. Do employees know what constitutes suspicious cybersecurity activities or incidents?
Do they know what actions to take when one arises?
5. If you have a cyber incident response plan, how often does your organization exercise the plan?
a. Who is responsible for the exercise planning?
b. What agencies are involved in the exercise?
c. What level of the organization is required to participate?
d. What actions follow the exercise?
6. What are your cybersecurity incident response team’s exercise requirements?
7. Do your organization’s exercise efforts include both physical and cyber risks?
8. Have senior or elected officials participated in a cybersecurity exercise?
9. Are there additional training and/or exercising requirements for your organization?
Senior Leaders and Elected Officials
What is your cybersecurity culture?
As a leader in your organization, what cybersecurity goals have you set?
How have they been communicated?
As it relates to your jurisdiction, what cybersecurity information do you request?
What do you receive?
What are your cybersecurity risks?
Who develops your jurisdiction’s cybersecurity risk profile?
What are their reporting requirements?
Are they directed to, required by statute, or other?
How often do they report?
Is your cybersecurity risk integrated with physical risk for an integrated jurisdictional risk assessment?
What is your jurisdiction’s greatest cybersecurity concern?
Why do you rate this concern as your greatest concern?
Who reports to you on cyber threats?
What, if any, infrastructure does your jurisdiction own, operate, and/or regulate?
What relationships do you have with critical infrastructure owners and operators?
What priorities have you set related to the cybersecurity of critical infrastructure?
What is your most important critical infrastructure?
What are your regulatory requirements related to critical infrastructure, if any?
What is the greatest threat facing your critical infrastructure?
What, if anything, is your jurisdiction able to do to mitigate it?
When did you last receive a cyber threat briefing for your jurisdiction?
How has your jurisdiction prepared for a cyber incident?
Does your jurisdiction have cybersecurity plans in place?
How many information security officers do you have?
Does the plan indicate how they will work together?
Have your information security officers and emergency managers jointly planned for cybersecurity incidents?
What are your cybersecurity workforce gaps?
How does your jurisdiction recruit, develop, and retain cybersecurity staff?
What cybersecurity training do you have planned for cybersecurity staff, managers, and general workforce?
What magnitude of incident would require you be notified?
How does that notification process work?
Is it planned?
What requirements or agreements, if any, exist for critical infrastructure to notify you of a cyber incident?
Who advises you on cyber threats?
What are your essential elements of information or critical information requirements?
What is your planned role in protective action decision-making?
What is your planned cyber incident management structure?
What parts of the government need to be engaged?
Would your jurisdiction’s Emergency Operations Center be activated in a cyber incident?
How?
Why?
What is your role in a cyber incident?
How does a law enforcement investigation impact your response?
What is your role in communicating to the public?
How are costs of the response calculated?
What information do you need to support your decision-making process?
Who is your jurisdiction’s cybersecurity liaison to privately-owned and operated critical infrastructure?
What are your expectations of the State and Federal Government?
Describe your role in post-incident activity.
What is your role in restoring and/or maintaining public confidence?
Public Affairs
What are your public affairs concerns?
Who is responsible for coordinating the public message?
Is this process a part of any established plan?
a. How would your department respond to the local media reports?
b. What information are you sharing with citizens?
Employees?
c. Are public information personnel trained to manage messaging related to cyber incidents?
d. Does your department have pre-drafted statements in place to respond to media outlets?
e. Are they trained to manage your social media presence?
f. Are all personnel trained to report any contact with the media to appropriate public information personnel?
What information would your organization communicate to the public?
How would you communicate it?
Who is responsible for public information related to the incident?
What training or preparation have they received?
How would your organization respond to the attempts at disinformation/misinformation concerning elections?
a. Does your organization have established public messaging processes as part of a larger communications plan?
b. How would your organization respond to the social media posts/rumors and local media reports?
Would you use social media or respond by drafting statements?
c. What message are you sending employees?
d. Are personnel trained to report any contact with the media to the appropriate public information personnel?
How would you inform other entities of the fake websites and social media pages?
a. How would you contact social media platforms?
b. What issues or challenges have you had in working with them?
How would your organization respond to the emerging news and social media issues?
a. Does your organization have pre-approved messages for immediate release as part of a larger communications plan?
What steps are you taking to build relationships with the media and with voters before an incident happens?
Legal
What are the legal issues you must address?
What policies should your organization have?
Does it exercise these policies?
If so, how often?
What legal documents should your organization have in place (for example with third-party vendors)?
What is the role of the legal department in this scenario?
Does your state have security breach notification laws?
If so, what do they include?
What are the consequences if you are unable to certify the official election results?
What processes are in place to collect evidence and maintain the chain of custody?
Cybersecurity evolution should eventually lead to a zero-trust environment where devices, services and people will be required to continually request access to critical systems and data. Unless otherwise stated, all access is denied by default in a zero trust environment.
See the US National Security Agency's overview of a Zero-Trust environment.
As technology continues to evolve, cyber threats continue to grow in sophistication and complexity. Cyber threats affect businesses of all sizes and require the attention and involvement of chief executive officers (CEOs) and other senior leaders. To help companies understand their risks and prepare for cyber threats, CEOs should discuss key cybersecurity risk management topics with their leadership and implement cybersecurity best practices. The best practices listed in this document have been compiled from lessons learned from incident response activities and managing cyber risk.
CEOs should ask the following questions about potential cybersecurity threats:
The following questions will help CEOs guide discussions about their cybersecurity risk with management:
The cybersecurity best practices listed below can help organizations manage cybersecurity risks.
Refer to the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Essentials page for recommendations on managing cybersecurity risks for small businesses.